23 matches found

RedhatCVE
added 2026/01/09 10:00 a.m. | 6 views

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of the extend function (A, B, as, isAargs), located within lib/extend.js, is executed by the eval function, resulting in code execution...

CVSS 9.8 | AI score 7.1 | EPSS 0.02512
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-1043

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.02512
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2024-43322

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.5 | EPSS 0.00537
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-53520

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.4 | EPSS 0.00453
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2022-1091

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.01357
Exploits: 1 | References: 3
Veracode
added 2025/02/10 2:43 a.m. | 7 views

Prototype Pollution

utils-extend is vulnerable to Prototype Pollution. The vulnerability is due to the lib.extend function, which allows an attacker to modify the global prototype chain and potentially cause a denial of service (DoS)...

CVSS 9.1 | AI score 9 | EPSS 0.00453
Exploits: 0 | References: 2 | Affected Software: 1
vulnersOsv
added 2025/02/06 6:31 a.m. | 7 views

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2024-57077 via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

CVSS 9.1 | AI score 5.7 | EPSS 0.00453
Exploits: 0
Github Security Blog
added 2025/02/06 6:31 a.m. | 9 views

utils-extend Prototype Pollution

The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum...

CVSS 9.1 | AI score 6.6 | EPSS 0.00453
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2025/02/05 10:15 p.m. | 10 views

CVE-2024-57077

The latest version of utils-extend 1.0.8 is vulnerable to Prototype Pollution through the entry functions lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum...

CVSS 9.1 | EPSS 0.00453
Exploits: 0 | References: 1
CNNVD
added 2022/09/15 12:00 a.m. | 4 views

steal security vulnerability

steal is StealJS's open-source, extensible, general-purpose module loader. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal 2.2.4, which stems from prototype pollution in the extend function in StealJS via the key variable in babel....

CVSS 9.8 | AI score 8.2 | EPSS 0.01055
Exploits: 0 | References: 4
vulnersOsv
added 2022/02/19 12:01 a.m. | 10 views

@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)

object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...

CVSS 9.8 | AI score 7.2 | EPSS 0.01357
Exploits: 1
vulnersOsv
added 2022/02/15 2:56 p.m. | 5 views

@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)

object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...

CVSS 9.8 | AI score 7.2 | EPSS 0.01357
Exploits: 1
Snyk
added 2021/12/15 2:48 p.m. | 4 views

Prototype Pollution

Overview: extend2 is a fork of node-extend, the difference being that arrays are overridden as primitives on deep clone. Affected versions of this package are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. POC: js var e = require "extend2" etrue, ,...

CVSS 9.8 | AI score 9 | EPSS 0.0145
Exploits: 1 | References: 2
CNVD
added 2021/06/03 12:00 a.m. | 7 views

Unspecified vulnerability in js-extend

js-extend is a module for Npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...

CVSS 9.8 | AI score 7.7 | EPSS 0.02961
Exploits: 1 | References: 1
CNNVD
added 2021/05/26 12:00 a.m. | 4 views

js-extend security vulnerability

js-extend is a module for Npm with extension capabilities. A security vulnerability exists in js-extend versions 0.0.1 through 1.0.1, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...

CVSS 9.8 | AI score 6.3 | EPSS 0.02961
Exploits: 1 | References: 3
vulnersOsv
added 2020/09/03 3:51 p.m. | 4 views

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2020-8147 via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

CVSS 9.8 | AI score 7.2 | EPSS 0.03149
Exploits: 1
vulnersOsv
added 2020/03/23 11:22 a.m. | 11 views

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2020-8147 +1 more via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

CVSS 9.8 | AI score 7.2 | EPSS 0.03149
Exploits: 1
BDU FSTEC
added 2019/11/25 12:00 a.m. | 5 views

The vulnerability of the jQuery.extend function (true, {}, …) in the jQuery library allows an attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the jQuery.extend function exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...

CVSS 6.1 | AI score 6.6 | EPSS 0.87218
Exploits: 4 | References: 13 | Affected Software: 17
BDU FSTEC
added 2019/04/23 12:00 a.m. | 7 views

The vulnerability of the jQuery.extend() function in the jQuery library allows a hacker to trigger a denial-of-service attack, execute arbitrary JavaScript code, or escalate their privileges.

The vulnerability of the jQuery.extend function in the jQuery library is related to the lack of restrictions on changes to the “__proto__” property when performing the extend operation. Exploiting this vulnerability can allow a malicious actor to cause service failures, execute arbitrary JavaScript...

CVSS 8.1 | AI score 7.1 | EPSS 0.87218
Exploits: 4 | References: 21 | Affected Software: 65
vulnersOsv
added 2019/02/07 6:17 p.m. | 6 views

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +710 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)

node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...

CVSS 9.8 | AI score 7.2 | EPSS 0.01719
Exploits: 1